I have users who log into the Server as DomainUsers, these same users log into the same Server occasionaly as Remote Desktop users. I have the users in an OU called Remote Desktop users with a group policy in effect on the OU. My problem is that I do not want the Remote Desktop policy to affect the Users when they are logged in as DomainUsers. I do not want the Remote Desktop users to do automatic updates and have a shutdown button in their start menu. I know how to turn this off, but it affects their PC's when they login as DomainUsers. Help!!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Domain and Remote Desktop Policies
- Thread starter Pronet
- Start date
Helenp1983
MIS
Do you mean the they login to the PC's as domain users and login to the server as remotedesktop users? Or do you mean a user has two different logins? I don't understand exactly.
My local server policy and my domain controller policy which is on the container servers, don't allow anyone who isn't an administrator to shutdown. But the users can shutdown there machines becuase the policy only applies to the servers.
My local server policy and my domain controller policy which is on the container servers, don't allow anyone who isn't an administrator to shutdown. But the users can shutdown there machines becuase the policy only applies to the servers.
- Thread starter
- #3
justin42279
MIS
I don't believe I'm following this thread.
Are you saying they log into their machines with their username and remote to the server using the username "domianusers"?
Are you wanting a way for a normal user to remote into the server and not have the option of rebooting or shutting down the server? If that's the case, then this can be achieved by using GPMC and creating a GP under the OU that contains the computer or computers that you want to protect. Edit that OU and drill to the Computer Config-Windows Settings-Local Policies/User Rights Assignment and modify the "Shut down the system" section. Place the users you want to have permission to shutdown the computer.
Close out the windows, click on the new policy to highlight, click on the delegation tab. Add each computer that you would like this GPO to effect. If you don't add the user workstations, this GPO will not effect those settings.
The effect should be users can shut down their machines but cannot remote into a server and shut down the server. I have this set on one of my servers but my settings differ a little depending on how your AD is setup.
Hope this helps.
Justin
Are you saying they log into their machines with their username and remote to the server using the username "domianusers"?
Are you wanting a way for a normal user to remote into the server and not have the option of rebooting or shutting down the server? If that's the case, then this can be achieved by using GPMC and creating a GP under the OU that contains the computer or computers that you want to protect. Edit that OU and drill to the Computer Config-Windows Settings-Local Policies/User Rights Assignment and modify the "Shut down the system" section. Place the users you want to have permission to shutdown the computer.
Close out the windows, click on the new policy to highlight, click on the delegation tab. Add each computer that you would like this GPO to effect. If you don't add the user workstations, this GPO will not effect those settings.
The effect should be users can shut down their machines but cannot remote into a server and shut down the server. I have this set on one of my servers but my settings differ a little depending on how your AD is setup.
Hope this helps.
Justin
- Thread starter
- #5
- Status
Similar threads